OASIS Mailing List Archives

 



security-services message



Subject: Security Considerations


I looked into the issue of whether to roll the security considerations into the new 2.1 document. I note that the current security considerations are identified by area of applicability. Based on feedback from implementers and the historical experience of developers failing to take precautions found in the security considerations, I think it would be a good idea. I also note that a number of new types of vulnerability have become known since 2.0 was published. Therefore I propose the following.

1. Move the security considerations which apply to the content into the 2.1 document(s).
2. Add to or update the discussions to reflect more recent vulnerabilities.
3. Where the main body of the text specifies features of the implementation designed to counter specific attacks, make reference to the appropriate section of the security considerations within the same document.

I suggest the issue of what to do with any residual material from the current security considerations document be deferred until we know what it is. The choices here are to a) stick them arbitrarily in the new document(s), b) publish them as a separate "other security considerations" document or c) include all the new and old material in an updated version of security considerations.

Hal

